Cisco 10008 Installation And Configuration Manual page 39

This statement causes the router to deny any packets remaining after processing the ACEs of the access
list. The implicit deny statement does not include the log keyword; therefore, the router does not send
packet information to the console for those packets denied by the implicit deny statement.
For example, the router processes the following ACL from top to bottom as follows:
access-list 108 permit udp any host 10.68.1.10 range 0 5000 log
access-list 108 permit udp host 10.1.1.10 range 0 5000 any log
•
•
•
Packet Statistics and PXF Counters
The PRE4 provides high performance Layer 3 processing using its PXF engine and route processor (RP).
As the PXF processes packets, counters such as the following reflect the internal operation of the PRE4:
•
•
•
The statistical information that the PXF counters provide is useful in analyzing and troubleshooting
denied and logged packets. Because the internal operation of the PRE4 differs for ACLs, the PXF
counters are inconsistent between the PREs. However, system-wide router behavior is consistent for
PREs despite the differences in counters.
The following sections describe the PXF counters and the way in which they increment.
IP Forwarding Counter
A Forwarding Information Base (FIB) lookup is one of the initial steps in forwarding a packet. When
the router forwarding processor needs information to forward a packet, it performs a lookup operation
on the FIB table. The IP forwarding counter reflects the state of that lookup operation. It does not reflect
whether or not the packet was forwarded. This counter increments each time an FIB lookup successfully
occurs.
ICMP Created Counters
Some FIB lookup operations can cause Internet Control Message Protocol (ICMP) messages to be
generated. For example, if a packet's time-to-live (TTL) expires, an address is unreachable, or an
ACL-denied packet is dropped, an ICMP message is generated. The ICMP created counters reflect the
number of ICMP packets created. The counters increment each time an FIB lookup results in the
generation of an ICMP message.
Feedback Counter
Sometimes the PXF cannot complete the processing of a packet before the packet completes a single pass
through the PXF; the packet requires additional processing. As a result, the packet is fed back through
the PXF and processing continues. This is referred to as a feedback operation.
OL-13840-01
Statement 1—Allows any UDP packet to access host 10.68.1.10 if the UDP destination port of the
packet is between 0 and 5000. The router logs packet information to the console if a match is made.
Statement 2—Allows any UDP packet from host 10.1.1.10 with a source port between 0 and 5000
to be permitted. The router logs packet information to the console if a match is made.
Implicit Deny—Denies all remaining packets and does not log the packet information to the console.
IP Forwarding Counter, page 39
ICMP Created Counters, page 39
Feedback Counter, page 39
Cisco 10008 Router PRE4 Installation and Configuration Guide
Analyzing and Troubleshooting Packets
39